#!/bin/sh
./kube-apiserver \
  --apiserver-count=3 \
  --advertise-address=192.168.6.233 \
  --allow-privileged=true \
  --audit-log-path=/data/logs/kubernetes/kube-apiserver/audit.log \
  --audit-policy-file=./conf/audit.yaml \
  --authorization-mode="Node,RBAC" \
  --client-ca-file=./cert/ca.pem \
  --requestheader-client-ca-file=./cert/ca.pem \
  --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,MutatingAdmissionWebhook,ValidatingAdmissionWebhook,ResourceQuota \
  --etcd-cafile=./cert/ca.pem \
  --etcd-certfile=./cert/client.pem \
  --etcd-keyfile=./cert/client-key.pem \
  --etcd-servers=https://192.168.6.231:2379,https://192.168.6.232:2379,https://192.168.6.233:2379 \
  --service-account-key-file=./cert/ca.pem \
  --service-account-signing-key-file=./cert/ca-key.pem \
  --service-account-issuer=https://kubernetes.default.svc.cluster.local \
  --service-cluster-ip-range=10.100.0.0/16 \
  --service-node-port-range=30000-32767 \
  --target-ram-mb=1024 \
  --kubelet-client-certificate=./cert/client.pem \
  --kubelet-client-key=./cert/client-key.pem \
  --log-dir=/data/logs/kubernrtes/kube-apiserver \
  --enable-bootstrap-token-auth=true \
  --tls-cert-file=./cert/apiserver.pem \
  --tls-private-key-file=./cert/apiserver-key.pem \
  --v=2